--- # Optional: Prometheus Ingress (for direct access to Prometheus UI) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: prometheus-ingress namespace: observability annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # Optional: Add basic auth for security # nginx.ingress.kubernetes.io/auth-type: basic # nginx.ingress.kubernetes.io/auth-secret: prometheus-basic-auth # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' spec: ingressClassName: nginx tls: - hosts: - prometheus.betelgeusebytes.io secretName: prometheus-tls rules: - host: prometheus.betelgeusebytes.io http: paths: - path: / pathType: Prefix backend: service: name: prometheus port: number: 9090 --- # Optional: Loki Ingress (for direct API access) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: loki-ingress namespace: observability annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: ingressClassName: nginx tls: - hosts: - loki.betelgeusebytes.io secretName: loki-tls rules: - host: loki.betelgeusebytes.io http: paths: - path: / pathType: Prefix backend: service: name: loki port: number: 3100 --- # Optional: Tempo Ingress (for direct API access) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tempo-ingress namespace: observability annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: ingressClassName: nginx tls: - hosts: - tempo.betelgeusebytes.io secretName: tempo-tls rules: - host: tempo.betelgeusebytes.io http: paths: - path: / pathType: Prefix backend: service: name: tempo port: number: 3200